You may have probably heard of social engineering before but don’t know what it is or how it is being carried out, this article shares more light on what social engineering is and how it is carried out.
Social Engineering is the method of Persuading, tricking or otherwise getting a target to reveal sensitive information or getting them to do something that is not going to be in their best interest and they will happily do it. It is surprising to find out that social engineering is far easier to implement than to crack a firewall or network security devices.
Generally speaking, cybersecurity officials have found out over the years that human beings are the weakest link in a security chain. The only way to mitigate social engineering is training and awareness, most people are not even aware there is something like that otherwise they would have raised an alarm immediately they have said or done something after being socially engineered through a phone call or email.
Social Engineering works most time because it targets people’s behavior, natural tendencies and sense of obligation knowing that people will always want to feel they are doing their job and doing it correctly.
One of the ways they exploit people is through the trust factor. People want to trust others especially when they know the correct vocabulary or terminology. When they see or meet people who are dressed, speak or present themselves in a certain way, they will instill a form of trust in them.
Another way is insufficient policies on how information can are communicated, social engineering prey on people who do not have the correct training or orientation on giving out information over a phone call or an email. The biggest weakness of people who are often socially engineered is ignorance.
At its nature, social engineering usually is hard to detect by technology because it is ignoring all forms of technology and going after human elements. A regular attack against intrusion detection system, firewalls or any sort of technology-based assets is going to have a log file but people don’t have thereby making it hard to detect.
One of the most common forms of social engineering is Phishing. Phishing is the criminal art of acquiring sensitive, personal or any kind of secret information such as username, password, credit card numbers by masquerading somebody trustworthy like a friend, relative, coworker or a financial organization representative.
Over the years it has become one of the most common attacks and the major cause of malware, cryptolocker, and ransomware. A lot of criminally minded individuals have ended up using phishing as a major avenue of getting the information of their target.
They usually arouse a basic sense of urgency, it can happen through phone calls, emails or websites, sometimes they manipulate links that are linked to a fake login Sites of popular websites such as Facebook, Yahoo and so on. When you enter your login information it will save it and you will be redirected to the actual website.
This can later be used to access your account to get more information about you. In most cases it is always motivated by money, they can either be after your identity and credentials to steal your money or to steal money from you directly or they can socially engineer you to install ransomware or cryptolocker in its different variant.
They can then hold your data hostage and ask you to pay money to get them back. They gather information at the recon stage of the attack by going on social networking sites such as Facebook, LinkedIn to get information like names, date of birth, where you work, your interests, hobbies, skills and e.t.c.
All they need to do is to get access to your email credentials to go through your emails, your communication flows, contacts and study the type of relationships you have with people. Sometimes we usually save important credentials inside our email, we use the same login credentials across multiple platforms which could be detrimental to our security.
This act allows anyone with your login information to get access to your other accounts easily. Another common way is through link manipulation, they make the link look legitimate, the text on top looks right but the URL at the bottom is actually not correct.
There are no definite ways to prevent social engineering, one can only be informed and take some precautions by eliminating completely bad practices such as using the same password across multiple platforms.
Engage the use of two-factor authentication, it is not easy but we need to build some inconvenience into into our lifestyles to protect ourselves.
Reduce the amount of information we give out on social media.
Try to be smart because a lot of times these bad guys are not always perfect, there is usually one mistake or the other, try to guess when they aren’t sure of something. Be skeptical, ask yourself questions like; do I know this person, have I met them in person, am I expecting an email from this person, do they know me, When you get an email look, at the return address to see if it corresponds with the sender email.
Hover your mouse on a link before clicking it while checking the bottom left or your browser to see the actual URL of the link destination. You cannot be too careful or too informed when it comes to protecting yourself against social engineering the aftermath effect could be devastating.
Source: withinnigeria.com